- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][base-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
by richard (＠richard) 29 Aug '23

29 Aug '23

richard pushed to branch base-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 649fb5b7 by Pier Angelo Vendrame at 2023-08-29T19:52:12+00:00 fixup! Firefox preference overrides. Bug 41797: Lock RFP in release builds - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -266,7 +266,12 @@ pref("dom.serviceWorkers.enabled", false); pref("dom.push.enabled", false); // Fingerprinting +// tor-browser#41797: For release builds, lock RFP +#if MOZ_UPDATE_CHANNEL == release +pref("privacy.resistFingerprinting", true, locked); +#else pref("privacy.resistFingerprinting", true); +#endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the // performance would be low. That could be used to fingerpting users with a not View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/649fb5b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/649fb5b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
by richard (＠richard) 29 Aug '23

29 Aug '23

richard pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 3fbd7156 by Pier Angelo Vendrame at 2023-08-29T08:48:14+02:00 fixup! Firefox preference overrides. Bug 41797: Lock RFP in release builds - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -266,7 +266,12 @@ pref("dom.serviceWorkers.enabled", false); pref("dom.push.enabled", false); // Fingerprinting +// tor-browser#41797: For release builds, lock RFP +#if MOZ_UPDATE_CHANNEL == release +pref("privacy.resistFingerprinting", true, locked); +#else pref("privacy.resistFingerprinting", true); +#endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the // performance would be low. That could be used to fingerpting users with a not View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3fbd715… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3fbd715… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 12.5.3
by richard (＠richard) 29 Aug '23

29 Aug '23

richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 93ed4147 by Richard Pospesel at 2023-08-29T17:56:28+00:00 release: new version, 12.5.3 - - - - - 30 changed files: - update_3/release/.htaccess - − update_3/release/12.5-12.5.2-linux32-ALL.xml - − update_3/release/12.5-12.5.2-linux64-ALL.xml - − update_3/release/12.5-12.5.2-macos-ALL.xml - − update_3/release/12.5-12.5.2-win32-ALL.xml - − update_3/release/12.5-12.5.2-win64-ALL.xml - + update_3/release/12.5-12.5.3-linux32-ALL.xml - + update_3/release/12.5-12.5.3-linux64-ALL.xml - + update_3/release/12.5-12.5.3-macos-ALL.xml - + update_3/release/12.5-12.5.3-win32-ALL.xml - + update_3/release/12.5-12.5.3-win64-ALL.xml - − update_3/release/12.5.1-12.5.2-linux32-ALL.xml - − update_3/release/12.5.1-12.5.2-linux64-ALL.xml - − update_3/release/12.5.1-12.5.2-macos-ALL.xml - − update_3/release/12.5.1-12.5.2-win32-ALL.xml - − update_3/release/12.5.1-12.5.2-win64-ALL.xml - + update_3/release/12.5.1-12.5.3-linux32-ALL.xml - + update_3/release/12.5.1-12.5.3-linux64-ALL.xml - + update_3/release/12.5.1-12.5.3-macos-ALL.xml - + update_3/release/12.5.1-12.5.3-win32-ALL.xml - + update_3/release/12.5.1-12.5.3-win64-ALL.xml - + update_3/release/12.5.2-12.5.3-linux32-ALL.xml - + update_3/release/12.5.2-12.5.3-linux64-ALL.xml - + update_3/release/12.5.2-12.5.3-macos-ALL.xml - + update_3/release/12.5.2-12.5.3-win32-ALL.xml - + update_3/release/12.5.2-12.5.3-win64-ALL.xml - − update_3/release/12.5.2-linux32-ALL.xml - − update_3/release/12.5.2-linux64-ALL.xml - − update_3/release/12.5.2-macos-ALL.xml - − update_3/release/12.5.2-win32-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-12.5.3-build1
by ma1 (＠ma1) 29 Aug '23

29 Aug '23

ma1 pushed new tag mb-12.5.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-12.5.3-build1
by ma1 (＠ma1) 29 Aug '23

29 Aug '23

ma1 pushed new tag tbb-12.5.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bugs 40910, 40911: Tor Browser and Mullvad Browser 12.5.3
by ma1 (＠ma1) 29 Aug '23

29 Aug '23

ma1 pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 54b1f7ae by Giorgio Maone at 2023-08-29T14:26:08+02:00 Bugs 40910, 40911: Tor Browser and Mullvad Browser 12.5.3 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/openssl/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,59 @@ +Mullvad Browser 12.5.3 - August 28 2023 + * All Platforms + * Updated Translations + * Updated Firefox to 102.15.0esr + * Bug 232: Rebase Mullvad Browser stable onto 102.15 [mullvad-browser] + * Bug 42053: Backport security fixes from Firefox 117 to ESR 102.15 - based Tor Browser [tor-browser] + * Bug 40937: First window after update should go to the user-friendly release page on GitHub [tor-browser-build] + * Build System + * All Platforms + * Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-* [tor-browser-build] + * Bug 40913: add boklm back to list of taggers in relevant projects [tor-browser-build] + * Bug 40921: staticiforme-prepare-cdn-dist-upload uses hardcoded torbrowser path for .htacess file generation [tor-browser-build] + +Mullvad Browser 13.0a3 - August 21 2023 + * All Platforms + * Updated Translations + * Updated Firefox to 115.2.0esr + * Bug 220: "Firefox Suggest" string appears when search matches a bookmark [mullvad-browser] + * Bug 223: Trademarks in the about popup are not translated [mullvad-browser] + * Bug 230: Rebase MB 13.0 alpha onto 115.2.0esr [mullvad-browser] + * Bug 40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class [tor-browser-build] + * Bug 41833: Reload extensions on new identiy [tor-browser] + * Bug 41943: Lock javascript.options.spectre.disable_for_isolated_content to false [tor-browser] + * Bug 41984: Rename languageNotification.ftl to base-browser.ftl [tor-browser] + * Bug 42019: Empty browser's clipboard on browser shutdown [tor-browser] + * Bug 42022: Prevent extension search engines from breaking the whole search system [tor-browser] + * Bug 42029: Defense-in-depth: disable non-proxied UDP WebRTC [tor-browser] + * Linux + * Bug 40576: Fontconfig warning: remove 'blank' configuration [tor-browser-build] + * Build System + * All Platforms + * Bug 40829: Review and standardize naming scheme for browser installer/package artifacts [tor-browser-build] + * Bug 40921: staticiforme-prepare-cdn-dist-upload uses hardcoded torbrowser path for .htacess file generation [tor-browser-build] + * Bug 40922: Use base-browser.ftl instead of languageNotification.ftl [tor-browser-build] + * Bug 40923: Switch Mullvad Browser translations to the new repository [tor-browser-build] + +Mullvad Browser 13.0a2 - August 08 2023 + * All Platforms + * Updated NoScript to 11.4.26 + * Upated uBlock Origin to 1.51.0 + * Updated Firefox to 115.1.0esr + * Bug 195: Choose which locales to translate Mullvad Browser to [mullvad-browser] + * Bug 216: Rebase Mullvad Browser onto 115.1.0esr [mullvad-browser] + * Bug 30556: Re-evaluate letterboxing dimension choices [tor-browser] + * Bug 33282: Increase the max width of new windows [tor-browser] + * Bug 40916: Update updated_responses_config.yml to pull Mullvad incrementals from archive.torproject.org [tor-browser-build] + * Build System + * All Platforms + * Bug 198: Enable localization for Mullvad Browser builds [mullvad-browser] + * Bug 199: Mullvad Browser changes required to use Mullvad Browser-specific localization strings [mullvad-browser] + * Bug 40615: Consider adding a readme to the fonts directory [tor-browser-build] + * Bug 40880: The README doesn't include some dependencies needed for building incrementals [tor-browser-build] + * Bug 40907: Mar-tools aren't deterministic on 13.0a1 [tor-browser-build] + * Bug 40909: Add dan_b and ma1 to list of taggers in relevant projects [tor-browser-build] + * Bug 40913: add boklm back to list of taggers in relevant projects [tor-browser-build] + Mullvad Browser 12.5.2 - July 31 2023 * All Platforms * Updated NoScript to 11.4.26 ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,99 @@ +Tor Browser 12.5.3 - August 28 2023 + * All Platforms + * Updated Translations + * Updated OpenSSL to 1.1.1v + * Bug 42033: Rebase the releases onto 102.15.0esr [tor-browser] + * Bug 42053: Backport security fixes from Firefox 117 to ESR 102.15 - based Tor Browser [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 102.15.0esr + * Android + * Updated GeckoView to 102.15.0esr + * Build System + * All Platforms + * Updated Go to 1.20.7 + * Bug 40740: Tor Browser for Android's snowflake ClientTransportPlugin seems to be out of date [tor-browser-build] + * Bug 40786: deploy_update_responses-*.sh requires +r permissions to run [tor-browser-build] + * Bug 40905: Go vendor archives ignore the nightly version override on testbuilds [tor-browser-build] + * Bug 40913: add boklm back to list of taggers in relevant projects [tor-browser-build] + * Bug 40921: staticiforme-prepare-cdn-dist-upload uses hardcoded torbrowser path for .htacess file generation [tor-browser-build] + +Tor Browser 13.0a3 - August 21 2023 + * All Platforms + * Updated Translations + * Bug 41943: Lock javascript.options.spectre.disable_for_isolated_content to false [tor-browser] + * Bug 41984: Rename languageNotification.ftl to base-browser.ftl [tor-browser] + * Bug 42019: Empty browser's clipboard on browser shutdown [tor-browser] + * Bug 42030: Rebase the browsers to 115.2.0esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.2.0esr + * Bug 40175: Connections in reader mode are not FPI [tor-browser] + * Bug 40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class [tor-browser-build] + * Bug 41691: "Firefox Suggest" text appearing in UI [tor-browser] + * Bug 41833: Reload extensions on new identiy [tor-browser] + * Bug 42022: Prevent extension search engines from breaking the whole search system [tor-browser] + * Bug 42031: TBB 13.0a2: TypeError: channel.loadInfo.browsingContext.topChromeWindow.gBrowser is undefined [tor-browser] + * Linux + * Bug 40576: Fontconfig warning: remove 'blank' configuration [tor-browser-build] + * Android + * Updated GeckoView to 115.2.0esr + * Bug 42018: Rebase Firefox for Android to 115.2.1 [tor-browser] + * Build System + * All Platforms + * Bug 40829: Review and standardize naming scheme for browser installer/package artifacts [tor-browser-build] + * Bug 40921: staticiforme-prepare-cdn-dist-upload uses hardcoded torbrowser path for .htacess file generation [tor-browser-build] + * Windows + macOS + Linux + * Bug 40922: Use base-browser.ftl instead of languageNotification.ftl [tor-browser-build] + * Linux + * Bug 41967: Add a Makefile recipe to create multi-lingual dev builds [tor-browser] + +Tor Browser 13.0a2 - August 08 2023 + * All Platforms + * Updated Translations + * Updated NoScript to 11.4.26 + * Updated OpenSSL to 3.0.10 + * Updated tor to 0.4.8.3-rc + * Bug 41909: Rebase 13.0 alpha to 115.1.0 esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.1.0esr + * Bug 30556: Re-evaluate letterboxing dimension choices [tor-browser] + * Bug 33282: Increase the max width of new windows [tor-browser] + * Bug 40982: Cleanup maps in tor-circuit-display [tor-browser] + * Bug 40983: Move not UI-related torbutton.js code to modules [tor-browser] + * Bug 41844: Stop using the control port directly [tor-browser] + * Bug 41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping [tor-browser] + * Bug 41922: Unify the bridge line parsers [tor-browser] + * Bug 41923: The path normalization results in warnings [tor-browser] + * Bug 41924: Small refactors for TorProcess [tor-browser] + * Bug 41925: Remove the torbutton startup process [tor-browser] + * Bug 41926: Refactor the control port client implementation [tor-browser] + * Bug 41964: 'emojiAnnotations' not defined in time in connection preferences [tor-browser] + * Android + * Updated GeckoView to 115.1.0esr + * Bug 40919: Fix nimbus-fml reproducibility of 13.0a2-build1 [tor-browser-build] + * Bug 41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser [tor-browser] + * Bug 41972: Disable Firefox onboarding in 13.0 [tor-browser] + * Bug 41997: Remove all use and reference to com.adjust.sdk.Adjust which now uses AD_ID [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.20.7 + * Bug 31588: Be smarter about vendoring for Rust projects [tor-browser-build] + * Bug 40855: Update toolchains for Mozilla 115 [tor-browser-build] + * Bug 40880: The README doesn't include some dependencies needed for building incrementals [tor-browser-build] + * Bug 40905: Go vendor archives ignore the nightly version override on testbuilds [tor-browser-build] + * Bug 40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality [tor-browser-build] + * Bug 40909: Add dan_b and ma1 to list of taggers in relevant projects [tor-browser-build] + * Bug 40913: add boklm back to list of taggers in relevant projects [tor-browser-build] + * Windows + macOS + Linux + * Bug 40615: Consider adding a readme to the fonts directory [tor-browser-build] + * Bug 40907: Mar-tools aren't deterministic on 13.0a1 [tor-browser-build] + * Windows + * Bug 31546: Create and expose PDB files for Tor Browser debugging on Windows [tor-browser-build] + * Android + * Bug 40867: Create a RBM project for the unified Android repository [tor-browser-build] + * Bug 40917: Remove the uniffi-rs project [tor-browser-build] + * Bug 41899: Use LLD for Android [tor-browser] + * Bug 40920: Non-deterministic generation of baseline.profm file in Android apks [tor-browser-build] + Tor Browser 12.5.2 - July 31 2023 * All Platforms * Updated Translations ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 962930, + "average_daily_users": 978882, "categories": { "android": [ "experimental", @@ -31,7 +31,7 @@ "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5584147, + "id": 5607027, "compatibility": { "firefox": { "min": "54.0", @@ -42,7 +42,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/55841…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56070…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -53,22 +53,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- Using passive event listeners.\n- Fixed System Automation on Firefox.\n- Fixed News section.\n- Users' fixes for websites." + "en-US": "- Optimize inline style handling (fixes DuckDuckGo issue).\n- Added an option to enable/disable the extension for all websites by default.\n- Dynamic mode fixes.\n- Users' fixes for websites." }, - "reviewed": "2023-06-26T12:31:32Z", - "version": "4.9.64", + "reviewed": "2023-08-14T10:45:12Z", + "version": "4.9.65", "files": [ { - "id": 4128489, - "created": "2023-06-22T06:55:05Z", - "hash": "sha256:c09ed43a96dccab1de3445aac263de0569e3333da330d645094e3f938f13b30e", + "id": 4151368, + "created": "2023-08-10T20:54:06Z", + "hash": "sha256:964d7fdeec1dc90b5238a82db699de7a2bbf54e3e2bf18569befff451f35f89a", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 664243, + "size": 668520, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4128489/darkreader-4.9.64…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4151368/darkreader-4.9.65…", "permissions": [ "alarms", "contextMenus", @@ -146,7 +146,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-06-26T12:31:32Z", + "last_updated": "2023-08-14T10:45:12Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -221,10 +221,10 @@ "category": "recommended" }, "ratings": { - "average": 4.559, - "bayesian_average": 4.557842722028656, - "count": 5084, - "text_count": 1599 + "average": 4.5556, + "bayesian_average": 4.5544452547554215, + "count": 5126, + "text_count": 1613 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +321,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 23323 + "weekly_downloads": 24035 }, "notes": null }, @@ -337,7 +337,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 249584, + "average_daily_users": 250313, "categories": { "android": [ "security-privacy" @@ -553,10 +553,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8164, - "bayesian_average": 4.811755496156948, - "count": 1351, - "text_count": 238 + "average": 4.8128, + "bayesian_average": 4.80816287856244, + "count": 1362, + "text_count": 241 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +641,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 3565 + "weekly_downloads": 3339 }, "notes": null }, @@ -657,7 +657,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1076689, + "average_daily_users": 1081849, "categories": { "android": [ "security-privacy" @@ -1180,10 +1180,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8004, - "bayesian_average": 4.797633259374899, - "count": 2260, - "text_count": 431 + "average": 4.8002, + "bayesian_average": 4.797433644849106, + "count": 2277, + "text_count": 434 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1207,7 +1207,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 17062 + "weekly_downloads": 16917 }, "notes": null }, @@ -1223,7 +1223,7 @@ "picture_url": null } ], - "average_daily_users": 6222480, + "average_daily_users": 6301759, "categories": { "android": [ "security-privacy" @@ -1388,7 +1388,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-07-31T14:35:40Z", + "last_updated": "2023-08-25T11:45:20Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1533,10 +1533,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7821, - "bayesian_average": 4.78170472062552, - "count": 15763, - "text_count": 4095 + "average": 4.7846, + "bayesian_average": 4.784204963469926, + "count": 15893, + "text_count": 4119 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1598,7 +1598,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 131014 + "weekly_downloads": 132922 }, "notes": null }, @@ -1614,7 +1614,7 @@ "picture_url": null } ], - "average_daily_users": 167538, + "average_daily_users": 169487, "categories": { "android": [ "photos-media" @@ -1713,10 +1713,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4916, - "bayesian_average": 4.486471885365025, - "count": 1129, - "text_count": 422 + "average": 4.4938, + "bayesian_average": 4.488680120012364, + "count": 1134, + "text_count": 423 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1738,7 +1738,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 312 + "weekly_downloads": 360 }, "notes": null }, @@ -1754,7 +1754,7 @@ "picture_url": null } ], - "average_daily_users": 85413, + "average_daily_users": 84699, "categories": { "android": [ "experimental", @@ -1892,7 +1892,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 1759 + "weekly_downloads": 780 }, "notes": null }, @@ -1908,7 +1908,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 257591, + "average_daily_users": 260726, "categories": { "android": [ "photos-media", @@ -2127,10 +2127,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6525, - "bayesian_average": 4.647859623714072, - "count": 1298, - "text_count": 250 + "average": 4.654, + "bayesian_average": 4.649385850356977, + "count": 1315, + "text_count": 253 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2151,7 +2151,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 3948 + "weekly_downloads": 4084 }, "notes": null }, @@ -2174,7 +2174,7 @@ "picture_url": null } ], - "average_daily_users": 111141, + "average_daily_users": 111599, "categories": { "android": [ "other" @@ -2457,10 +2457,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4207, - "bayesian_average": 4.416093483315006, - "count": 1229, - "text_count": 332 + "average": 4.3994, + "bayesian_average": 4.394834968432194, + "count": 1242, + "text_count": 340 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2480,7 +2480,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 52 + "weekly_downloads": 40 }, "notes": null }, @@ -2496,7 +2496,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 301882, + "average_daily_users": 300584, "categories": { "android": [ "performance", @@ -2614,7 +2614,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-07-25T09:58:54Z", + "last_updated": "2023-08-09T15:50:38Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2686,10 +2686,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4024, - "bayesian_average": 4.399703348010946, - "count": 2090, - "text_count": 811 + "average": 4.4003, + "bayesian_average": 4.39760012930889, + "count": 2101, + "text_count": 813 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2733,7 +2733,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 7947 + "weekly_downloads": 7412 }, "notes": null }, @@ -2749,7 +2749,7 @@ "picture_url": null } ], - "average_daily_users": 149808, + "average_daily_users": 151037, "categories": { "android": [ "performance", @@ -2864,10 +2864,10 @@ "category": "recommended" }, "ratings": { - "average": 3.9005, - "bayesian_average": 3.89624887816371, - "count": 1146, - "text_count": 406 + "average": 3.9019, + "bayesian_average": 3.8976528443875473, + "count": 1152, + "text_count": 407 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2886,7 +2886,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1645 + "weekly_downloads": 1636 }, "notes": null } ===================================== projects/firefox/config ===================================== @@ -14,7 +14,7 @@ container: use_container: 1 var: - firefox_platform_version: 102.14.0 + firefox_platform_version: 102.15.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '12.5' browser_branch: '[% c("var/browser_series") %]-1' @@ -88,7 +88,7 @@ targets: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: branding_directory_prefix: 'mb' - browser_build: 1 + browser_build: 2 gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser linux-x86_64: ===================================== projects/geckoview/config ===================================== @@ -14,7 +14,7 @@ container: use_container: 1 var: - geckoview_version: 102.14.0esr + geckoview_version: 102.15.0esr browser_branch: 12.5-1 browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' ===================================== projects/go/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.20.6 +version: 1.20.7 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' container: use_container: 1 @@ -119,7 +119,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz' name: go - sha256sum: 62ee5bc6fb55b8bae8f705e0cb8df86d6453626b4ecf93279e2867092e0b7f70 + sha256sum: 2c5ee9c9ec1e733b0dbbc2bdfed3f62306e51d8172bf38f4f4e542b27520f597 - project: go-bootstrap name: go-bootstrap target_replace: ===================================== projects/openssl/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.1.1u +version: 1.1.1v filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' container: use_container: 1 @@ -34,4 +34,4 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' - sha256sum: e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6 + sha256sum: d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0 ===================================== projects/translation/config ===================================== @@ -6,19 +6,19 @@ version: '[% c("abbrev") %]' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 3fd9777d984fb3f3c31f92c1a6be957413c3c4c7 + git_hash: 6544f03cf00e87e9b10eb20efa176b3cb97bc201 targets: nightly: git_hash: 'base-browser' base-browser-fluent: base-browser-fluent: '[% INCLUDE build %]' - git_hash: 6f64004400616a5956d1823a0e8176b60d212090 + git_hash: 03e73101667d834d79a509536e9f6cc0dc54d5eb targets: nightly: git_hash: 'basebrowser-newidentityftl' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 70f7283dc31e6bd7b7ab954296ac960301d474f4 + git_hash: cb5b568d713c4c9b97e2373b9891490abc35d77e targets: nightly: git_hash: 'tor-browser' @@ -26,7 +26,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: e037147c72348192ddd38c2a21712c65031b912c + git_hash: 46dc5bacb64aba3b170ce87cf07af414faa7c35a targets: nightly: git_hash: 'fenix-torbrowserstringsxml' ===================================== rbm.conf ===================================== @@ -94,9 +94,10 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '12.5.2' + torbrowser_version: '12.5.3' torbrowser_build: 'build1' torbrowser_incremental_from: + - 12.5.2 - 12.5.1 - 12.5 updater_enabled: 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40740: Do not add -utls-imitate to Snowflake on tor-onion-proxy-library.
by Pier Angelo Vendrame (＠pierov) 29 Aug '23

29 Aug '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 3def5ce4 by Pier Angelo Vendrame at 2023-08-29T14:26:25+02:00 Bug 40740: Do not add -utls-imitate to Snowflake on tor-onion-proxy-library. This parameter added with the previous commit prevents Snowflake from working properly. So, we prefer to undo the addition (but keep the changes to the ICE server list). - - - - - 1 changed file: - projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch Changes: ===================================== projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch ===================================== @@ -71,7 +71,7 @@ index 2405097..bcb6a37 100644 - buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(clientPath).append('\n'); + public TorConfigBuilder transportPlugin(String obfsPath, String snowPath) { + buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(obfsPath).append('\n'); -+ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 -utls-imitate=hellorandomizedalpn\n"); ++ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478\n"); return this; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40740: Do not add -utls-imitate to Snowflake on tor-onion-proxy-library.
by ma1 (＠ma1) 29 Aug '23

29 Aug '23

ma1 pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 26496b1d by Pier Angelo Vendrame at 2023-08-29T14:13:13+02:00 Bug 40740: Do not add -utls-imitate to Snowflake on tor-onion-proxy-library. This parameter added with the previous commit prevents Snowflake from working properly. So, we prefer to undo the addition (but keep the changes to the ICE server list). - - - - - 1 changed file: - projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch Changes: ===================================== projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch ===================================== @@ -71,7 +71,7 @@ index 2405097..bcb6a37 100644 - buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(clientPath).append('\n'); + public TorConfigBuilder transportPlugin(String obfsPath, String snowPath) { + buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(obfsPath).append('\n'); -+ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 -utls-imitate=hellorandomizedalpn\n"); ++ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478\n"); return this; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-spec][main] 2 commits: Bug 40050: FF103 Audit
by richard (＠richard) 28 Aug '23

28 Aug '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-spec Commits: b98cb466 by Richard Pospesel at 2023-08-28T20:28:54+00:00 Bug 40050: FF103 Audit - - - - - 210910a0 by Richard Pospesel at 2023-08-28T20:28:54+00:00 Tweaks to code_audit.sh to also show the report if one exists - - - - - 2 changed files: - + audits/FF103_AUDIT - audits/code_audit.sh Changes: ===================================== audits/FF103_AUDIT ===================================== @@ -0,0 +1,78 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `feef2b7da6ff76b4c3c7a13e611eab6e97837ae2` ( `FIREFOX_102_0_1_RELEASE` ) +- End: `1f1c56dc6bae6b3302471f097ed132ef44cded86` ( `FIREFOX_103_0_2_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `0302b89604bb29adb34fdcd710feabd3dd01992d` ( `v93.5.0` ) +- End: `b70c54882fec606d10e77520b1dd2ae144768747` ( `v94.0.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `c349019286e21e5179a59e33cec6ae528b108519` +- End: `ce720e6308e26588decd5f9d2b02e4658d5b9d14` ( `v103.0.11` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + + + +#### Problematic Commits +- Biometric prompt feature (#12291): `b1723820859fce1c6d0a358e1edec4f4dec39234` + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `6e0ad035e384ef1fb7d8c8ac8d398470d953e1dc` ( `v103.0.0-beta.1` ) +- End: `e0d3c03afefe699a7456214b0da140f74ef499f7` ( `v103.2.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +Bugzilla Query: `https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=103%20Branch&order=priority%2Cbug_severity&limit=0` + +#### Problematic Tickets +- **Use double-conversion library instead of dtoa for string-to-double conversion** https://bugzilla.mozilla.org/show_bug.cgi?id=1770158 + - Uses upstream https://github.com/google/double-conversion from google + - Well tested and documentaiton doesn't suggest any hardware specific differences, quick look through the source suggest integer operations for the parsing/conversions ===================================== audits/code_audit.sh ===================================== @@ -148,7 +148,7 @@ case "${SCOPE}" in esac AUDIT_DIR=$(pwd) -cd "$REPO_DIR" +pushd "$REPO_DIR" # Step 2: Generate match pattern based on in-scope keywords function join_by { local d=$1; shift; local f=$1; shift; printf %s "$f" "${@/#/$d}"; } @@ -174,7 +174,7 @@ rm -f "${REPORT_FILE}" # Flashing Color constants export GREP_COLOR="05;37;41" -for COMMIT in $(git rev-list --ancestry-path $OLD..$NEW); do +for COMMIT in $(git rev-list --ancestry-path $OLD~..$NEW); do TEMP_DIFF="$(mktemp)" echo "Diffing $COMMIT..." @@ -201,6 +201,7 @@ for COMMIT in $(git rev-list --ancestry-path $OLD..$NEW); do rm -f "${TEMP_DIFF}" done +popd # Step 5: Review the code changes @@ -210,6 +211,7 @@ then echo "Report generated. View it with:" echo "" echo "less -R \"$(basename "${REPORT_FILE}")\"" + less -R "$(basename ${REPORT_FILE})" else echo "No keywords found. No report generated" fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/compare/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/compare/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40740: Android's snowflake ClientTransportPlugin parameters.
by Pier Angelo Vendrame (＠pierov) 28 Aug '23

28 Aug '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 29483c74 by Pier Angelo Vendrame at 2023-08-28T15:20:00+02:00 Bug 40740: Android's snowflake ClientTransportPlugin parameters. On Android we set PTs parameters with a patch to tor-onion-proxy-library, but they were not updated to the same as desktop. - - - - - 1 changed file: - projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch Changes: ===================================== projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch ===================================== @@ -71,7 +71,7 @@ index 2405097..bcb6a37 100644 - buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(clientPath).append('\n'); + public TorConfigBuilder transportPlugin(String obfsPath, String snowPath) { + buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(obfsPath).append('\n'); -+ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478\n"); ++ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 -utls-imitate=hellorandomizedalpn\n"); return this; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40740: Android's snowflake ClientTransportPlugin parameters.
by Pier Angelo Vendrame (＠pierov) 28 Aug '23

28 Aug '23

Pier Angelo Vendrame pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 9082991b by Pier Angelo Vendrame at 2023-08-28T15:08:45+02:00 Bug 40740: Android's snowflake ClientTransportPlugin parameters. On Android we set PTs parameters with a patch to tor-onion-proxy-library, but they were not updated to the same as desktop. - - - - - 1 changed file: - projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch Changes: ===================================== projects/tor-onion-proxy-library/0001-Bug-30318-Add-snowflake-support.patch ===================================== @@ -71,7 +71,7 @@ index 2405097..bcb6a37 100644 - buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(clientPath).append('\n'); + public TorConfigBuilder transportPlugin(String obfsPath, String snowPath) { + buffer.append("ClientTransportPlugin meek_lite,obfs3,obfs4 exec ").append(obfsPath).append('\n'); -+ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478\n"); ++ buffer.append("ClientTransportPlugin snowflake exec ").append(snowPath).append(" -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 -utls-imitate=hellorandomizedalpn\n"); return this; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 28 Aug '23

28 Aug '23

Pier Angelo Vendrame pushed to branch base-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: f030bc26 by Richard Pospesel at 2023-08-28T14:28:47+02:00 fixup! Firefox preference overrides. Bug 41774: Hide the 'Switching to a new device' hepl menu item - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -20,6 +20,9 @@ pref("browser.aboutwelcome.enabled", false); // Disable the Firefox View tab (tor-browser#41876) pref("browser.tabs.firefox-view", false); +// Disable 'Switching to a new device" help menu item (tor-browser#41774) +pref("browser.device-migration.help-menu.hidden", true); + // Bug 41668: allow users to apply updates. This is set also in firefox.js for // all platforms, except for Windows. As explained on firefox.js, Firefox uses a // per-installation preference on Windows. However, we patch this behavior, and View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f030bc2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f030bc2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 28 Aug '23

28 Aug '23

Pier Angelo Vendrame pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 03567aeb by Richard Pospesel at 2023-08-26T05:28:59+00:00 fixup! Firefox preference overrides. Bug 41774: Hide the 'Switching to a new device' hepl menu item - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -20,6 +20,9 @@ pref("browser.aboutwelcome.enabled", false); // Disable the Firefox View tab (tor-browser#41876) pref("browser.tabs.firefox-view", false); +// Disable 'Switching to a new device" help menu item (tor-browser#41774) +pref("browser.device-migration.help-menu.hidden", true); + // Bug 41668: allow users to apply updates. This is set also in firefox.js for // all platforms, except for Windows. As explained on firefox.js, Firefox uses a // per-installation preference on Windows. However, we patch this behavior, and View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/03567ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/03567ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-*
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 46a0782d by Richard Pospesel at 2023-08-28T10:29:52+02:00 Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-* - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -73,7 +73,12 @@ versions: linux64: minSupportedInstructionSet: SSE2 mar_compression: xz +[% IF c("var/tor-browser") -%] tag: 'tbb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' +[% END -%] +[% IF c("var/mullvad-browser") -%] +tag: 'mb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' +[% END -%] [% IF c("var/tor-browser") -%] htaccess_rewrite_rules: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-*
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f779c567 by Richard Pospesel at 2023-08-28T10:28:29+02:00 Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-* - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -68,7 +68,12 @@ versions: linux-x86_64: minSupportedInstructionSet: SSE2 mar_compression: xz +[% IF c("var/tor-browser") -%] tag: 'tbb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' +[% END -%] +[% IF c("var/mullvad-browser") -%] +tag: 'mb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' +[% END -%] [% IF c("var/tor-browser") -%] htaccess_rewrite_rules: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40821: The update details URL is wrong in alphas
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ba7fb340 by Richard Pospesel at 2023-08-28T10:22:11+02:00 Bug 40821: The update details URL is wrong in alphas - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -36,7 +36,7 @@ versions: mar_channel_id: [% c('var/mar_channel_id') %] platformVersion: [% pc('firefox', 'var/firefox_platform_version') %] [% IF c("var/tor-browser") -%] - detailsURL: https://blog.torproject.org/new-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %] + detailsURL: https://blog.torproject.org/new[% IF c("var/alpha") %]-alpha[% END %]-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %] [% END -%] [% IF c("var/mullvad-browser") -%] detailsURL: https://github.com/mullvad/mullvad-browser/releases/[% c("var/torbrowser_version") %] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-102.15.0esr-12.5-1-build2
by ma1 (＠ma1) 28 Aug '23

28 Aug '23

ma1 pushed new tag base-browser-102.15.0esr-12.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.15.0esr-12.5-1] 4 commits: Bug 1751583. r=media-playback-reviewers, alwu a=RyanVM
by ma1 (＠ma1) 28 Aug '23

28 Aug '23

ma1 pushed to branch base-browser-102.15.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: a416e80c by Andrew Osmond at 2023-08-28T09:56:46+02:00 Bug 1751583. r=media-playback-reviewers,alwu a=RyanVM - - - - - ceacede5 by Tim Huang at 2023-08-28T09:56:47+02:00 Bug 1842030 - Part 1: Adding CanonicalBrowsingContext::IsPrivateBrowsingActive(). r=nika The CanonicalBrowsingContext::IsPrivateBrowsingActive() function allows us to know if private browsing is active. We need it to prevent setting cookies if there is no active private browsing session. Differential Revision: https://phabricator.services.mozilla.com/D184010 - - - - - 5b85dfb4 by Tim Huang at 2023-08-28T09:56:47+02:00 Bug 1842030 - Part 2: Check the global private browsing state for HttpBaseChannel::IsBrowsingContextDiscarded() if the loadGroup is not avaiable. r=necko-reviewers,jesup The HttpBaseChannel::IsBrowsingContextDiscarded() did always return false if the loadGroup is not avaiable. But, this may not be correct for the private channels if the private session has been ended. To fix this, we make the function to check the global private browsing state if the loadGroup is not available for private channels. Depends on D184010 Differential Revision: https://phabricator.services.mozilla.com/D184479 - - - - - 61b100bc by hsingh at 2023-08-28T09:56:47+02:00 Bug 1843046: Do not allow notifications in private window. r=saschanaz, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D184064 - - - - - 11 changed files: - docshell/base/CanonicalBrowsingContext.cpp - docshell/base/CanonicalBrowsingContext.h - dom/media/gmp/GMPParent.cpp - dom/media/gmp/GMPParent.h - dom/media/gmp/GMPServiceParent.cpp - dom/notification/Notification.cpp - netwerk/protocol/http/HttpBaseChannel.cpp - netwerk/protocol/http/HttpBaseChannel.h - netwerk/protocol/http/HttpChannelParent.cpp - netwerk/test/unit/test_cookiejars.js - netwerk/test/unit_ipc/test_cookiejars_wrap.js Changes: ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -1351,6 +1351,11 @@ uint32_t CanonicalBrowsingContext::CountSiteOrigins( return uniqueSiteOrigins.Count(); } +/* static */ +bool CanonicalBrowsingContext::IsPrivateBrowsingActive() { + return gNumberOfPrivateContexts > 0; +} + void CanonicalBrowsingContext::UpdateMediaControlAction( const MediaControlAction& aAction) { if (IsDiscarded()) { ===================================== docshell/base/CanonicalBrowsingContext.h ===================================== @@ -201,6 +201,9 @@ class CanonicalBrowsingContext final : public BrowsingContext { GlobalObject& aGlobal, const Sequence<mozilla::OwningNonNull<BrowsingContext>>& aRoots); + // Return true if a private browsing session is active. + static bool IsPrivateBrowsingActive(); + // This function would propogate the action to its all child browsing contexts // in content processes. void UpdateMediaControlAction(const MediaControlAction& aAction); ===================================== dom/media/gmp/GMPParent.cpp ===================================== @@ -64,7 +64,7 @@ namespace mozilla::gmp { #define __CLASS__ "GMPParent" GMPParent::GMPParent() - : mState(GMPStateNotLoaded), + : mState(GMPState::NotLoaded), mPluginId(GeckoChildProcessHost::GetUniqueID()), mProcess(nullptr), mDeleteProcessOnlyOnUnload(false), @@ -270,7 +270,7 @@ RefPtr<GenericPromise> GMPParent::Init(GeckoMediaPluginServiceParent* aService, } void GMPParent::Crash() { - if (mState != GMPStateNotLoaded) { + if (mState != GMPState::NotLoaded) { Unused << SendCrashPluginNow(); } } @@ -310,7 +310,7 @@ class NotifyGMPProcessLoadedTask : public Runnable { nsresult GMPParent::LoadProcess() { MOZ_ASSERT(mDirectory, "Plugin directory cannot be NULL!"); MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); - MOZ_ASSERT(mState == GMPStateNotLoaded); + MOZ_ASSERT(mState == GMPState::NotLoaded); nsAutoString path; if (NS_WARN_IF(NS_FAILED(mDirectory->GetPath(path)))) { @@ -388,7 +388,7 @@ nsresult GMPParent::LoadProcess() { GMP_PARENT_LOG_DEBUG("%s: Sent StartPlugin to child process", __FUNCTION__); } - mState = GMPStateLoaded; + mState = GMPState::Loaded; // Hold a self ref while the child process is alive. This ensures that // during shutdown the GMPParent stays alive long enough to @@ -418,8 +418,8 @@ void GMPParent::CloseIfUnused() { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__); - if ((mDeleteProcessOnlyOnUnload || mState == GMPStateLoaded || - mState == GMPStateUnloading) && + if ((mDeleteProcessOnlyOnUnload || mState == GMPState::Loaded || + mState == GMPState::Unloading) && !IsUsed()) { // Ensure all timers are killed. for (uint32_t i = mTimers.Length(); i > 0; i--) { @@ -437,15 +437,16 @@ void GMPParent::CloseIfUnused() { void GMPParent::CloseActive(bool aDieWhenUnloaded) { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); - GMP_PARENT_LOG_DEBUG("%s: state %d", __FUNCTION__, mState); + GMP_PARENT_LOG_DEBUG("%s: state %u", __FUNCTION__, + uint32_t(GMPState(mState))); if (aDieWhenUnloaded) { mDeleteProcessOnlyOnUnload = true; // don't allow this to go back... } - if (mState == GMPStateLoaded) { - mState = GMPStateUnloading; + if (mState == GMPState::Loaded) { + mState = GMPState::Unloading; } - if (mState != GMPStateNotLoaded && IsUsed()) { + if (mState != GMPState::NotLoaded && IsUsed()) { Unused << SendCloseActive(); CloseIfUnused(); } @@ -467,7 +468,7 @@ void GMPParent::Shutdown() { } MOZ_ASSERT(!IsUsed()); - if (mState == GMPStateNotLoaded || mState == GMPStateClosing) { + if (mState == GMPState::NotLoaded || mState == GMPState::Closing) { return; } @@ -480,7 +481,7 @@ void GMPParent::Shutdown() { // Destroy ourselves and rise from the fire to save memory mService->ReAddOnGMPThread(self); } // else we've been asked to die and stay dead - MOZ_ASSERT(mState == GMPStateNotLoaded); + MOZ_ASSERT(mState == GMPState::NotLoaded); } class NotifyGMPShutdownTask : public Runnable { @@ -524,10 +525,10 @@ void GMPParent::DeleteProcess() { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__); - if (mState != GMPStateClosing) { + if (mState != GMPState::Closing) { // Don't Close() twice! // Probably remove when bug 1043671 is resolved - mState = GMPStateClosing; + mState = GMPState::Closing; Close(); } mProcess->Delete(NewRunnableMethod("gmp::GMPParent::ChildTerminated", this, @@ -536,7 +537,7 @@ void GMPParent::DeleteProcess() { mProcess = nullptr; #if defined(MOZ_WIDGET_ANDROID) - if (mState != GMPStateNotLoaded) { + if (mState != GMPState::NotLoaded) { nsCOMPtr<nsIEventTarget> launcherThread(GetIPCLauncher()); MOZ_ASSERT(launcherThread); @@ -553,7 +554,7 @@ void GMPParent::DeleteProcess() { } #endif // defined(MOZ_WIDGET_ANDROID) - mState = GMPStateNotLoaded; + mState = GMPState::NotLoaded; nsCOMPtr<nsIRunnable> r = new NotifyGMPShutdownTask(NS_ConvertUTF8toUTF16(mNodeId)); @@ -623,16 +624,18 @@ bool GMPCapability::Supports(const nsTArray<GMPCapability>& aCapabilities, } bool GMPParent::EnsureProcessLoaded() { - if (mState == GMPStateLoaded) { - return true; - } - if (mState == GMPStateClosing || mState == GMPStateUnloading) { - return false; + switch (mState) { + case GMPState::NotLoaded: + return NS_SUCCEEDED(LoadProcess()); + case GMPState::Loaded: + return true; + case GMPState::Unloading: + case GMPState::Closing: + return false; } - nsresult rv = LoadProcess(); - - return NS_SUCCEEDED(rv); + MOZ_ASSERT_UNREACHABLE("Unhandled GMPState!"); + return false; } void GMPParent::AddCrashAnnotations() { @@ -695,7 +698,7 @@ void GMPParent::ActorDestroy(ActorDestroyReason aWhy) { } // warn us off trying to close again - mState = GMPStateClosing; + mState = GMPState::Closing; mAbnormalShutdownInProgress = true; CloseActive(false); @@ -704,7 +707,7 @@ void GMPParent::ActorDestroy(ActorDestroyReason aWhy) { RefPtr<GMPParent> self(this); // Must not call Close() again in DeleteProcess(), as we'll recurse // infinitely if we do. - MOZ_ASSERT(mState == GMPStateClosing); + MOZ_ASSERT(mState == GMPState::Closing); DeleteProcess(); // Note: final destruction will be Dispatched to ourself mService->ReAddOnGMPThread(self); ===================================== dom/media/gmp/GMPParent.h ===================================== @@ -20,6 +20,7 @@ #include "nsString.h" #include "nsTArray.h" #include "nsIFile.h" +#include "mozilla/Atomics.h" #include "mozilla/MozPromise.h" namespace mozilla::gmp { @@ -42,12 +43,7 @@ class GMPCapability { const nsCString& aAPI, const nsCString& aTag); }; -enum GMPState { - GMPStateNotLoaded, - GMPStateLoaded, - GMPStateUnloading, - GMPStateClosing -}; +enum class GMPState : uint32_t { NotLoaded, Loaded, Unloading, Closing }; class GMPContentParent; @@ -194,7 +190,7 @@ class GMPParent final uint32_t& aArchSet); #endif - GMPState mState; + Atomic<GMPState> mState; nsCOMPtr<nsIFile> mDirectory; // plugin directory on disk nsString mName; // base name of plugin on disk, UTF-16 because used for paths nsCString mDisplayName; // name of plugin displayed to users ===================================== dom/media/gmp/GMPServiceParent.cpp ===================================== @@ -643,7 +643,7 @@ void GeckoMediaPluginServiceParent::SendFlushFOGData( MutexAutoLock lock(mMutex); for (const RefPtr<GMPParent>& gmp : mPlugins) { - if (gmp->State() != GMPState::GMPStateLoaded) { + if (gmp->State() != GMPState::Loaded) { // Plugins that are not in the Loaded state have no process attached to // them, and any IPC we would attempt to send them would be ignored (or // result in a warning on debug builds). @@ -681,7 +681,7 @@ GeckoMediaPluginServiceParent::TestTriggerMetrics() { { MutexAutoLock lock(mMutex); for (const RefPtr<GMPParent>& gmp : mPlugins) { - if (gmp->State() != GMPState::GMPStateLoaded) { + if (gmp->State() != GMPState::Loaded) { // Plugins that are not in the Loaded state have no process attached to // them, and any IPC we would attempt to send them would be ignored (or // result in a warning on debug builds). @@ -1003,7 +1003,7 @@ void GeckoMediaPluginServiceParent::RemoveOnGMPThread( } RefPtr<GMPParent> gmp = mPlugins[i]; - if (aDeleteFromDisk && gmp->State() != GMPStateNotLoaded) { + if (aDeleteFromDisk && gmp->State() != GMPState::NotLoaded) { // We have to wait for the child process to release its lib handle // before we can delete the GMP. inUse = true; @@ -1014,7 +1014,7 @@ void GeckoMediaPluginServiceParent::RemoveOnGMPThread( } } - if (gmp->State() == GMPStateNotLoaded || !aCanDefer) { + if (gmp->State() == GMPState::NotLoaded || !aCanDefer) { // GMP not in use or shutdown is being forced; can shut it down now. deadPlugins.AppendElement(gmp); mPlugins.RemoveElementAt(i); ===================================== dom/notification/Notification.cpp ===================================== @@ -478,6 +478,9 @@ NotificationPermissionRequest::Run() { bool blocked = false; if (isSystem) { mPermission = NotificationPermission::Granted; + } else if (mPrincipal->GetPrivateBrowsingId() != 0) { + mPermission = NotificationPermission::Denied; + blocked = true; } else { // File are automatically granted permission. @@ -1483,7 +1486,12 @@ already_AddRefed<Promise> Notification::RequestPermission( aRv.Throw(NS_ERROR_UNEXPECTED); return nullptr; } + nsCOMPtr<nsIPrincipal> principal = sop->GetPrincipal(); + if (!principal) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } RefPtr<Promise> promise = Promise::Create(window->AsGlobal(), aRv); if (aRv.Failed()) { @@ -1537,6 +1545,15 @@ NotificationPermission Notification::GetPermissionInternal(nsISupports* aGlobal, } nsCOMPtr<nsIPrincipal> principal = sop->GetPrincipal(); + if (!principal) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return NotificationPermission::Denied; + } + + if (principal->GetPrivateBrowsingId() != 0) { + return NotificationPermission::Denied; + } + return GetPermissionInternal(principal, aRv); } ===================================== netwerk/protocol/http/HttpBaseChannel.cpp ===================================== @@ -2390,7 +2390,23 @@ void HttpBaseChannel::NotifySetCookie(const nsACString& aCookie) { } bool HttpBaseChannel::IsBrowsingContextDiscarded() const { - return mLoadGroup && mLoadGroup->GetIsBrowsingContextDiscarded(); + // If there is no loadGroup attached to the current channel, we check the + // global private browsing state for the private channel instead. For + // non-private channel, we will always return false here. + // + // Note that we can only access the global private browsing state in the + // parent process. So, we will fallback to just return false in the content + // process. + if (!mLoadGroup) { + if (!XRE_IsParentProcess()) { + return false; + } + + return mLoadInfo->GetOriginAttributes().mPrivateBrowsingId != 0 && + !dom::CanonicalBrowsingContext::IsPrivateBrowsingActive(); + } + + return mLoadGroup->GetIsBrowsingContextDiscarded(); } // https://mikewest.github.io/corpp/#process-navigation-response ===================================== netwerk/protocol/http/HttpBaseChannel.h ===================================== @@ -619,6 +619,7 @@ class HttpBaseChannel : public nsHashPropertyBag, friend class PrivateBrowsingChannel<HttpBaseChannel>; friend class InterceptFailedOnStop; + friend class HttpChannelParent; protected: // this section is for main-thread-only object ===================================== netwerk/protocol/http/HttpChannelParent.cpp ===================================== @@ -18,6 +18,7 @@ #include "mozilla/net/NeckoParent.h" #include "mozilla/InputStreamLengthHelper.h" #include "mozilla/IntegerPrintfMacros.h" +#include "mozilla/Preferences.h" #include "mozilla/ProfilerLabels.h" #include "mozilla/StoragePrincipalHelper.h" #include "mozilla/UniquePtr.h" @@ -2005,6 +2006,17 @@ void HttpChannelParent::SetCookie(nsCString&& aCookie) { LOG(("HttpChannelParent::SetCookie [this=%p]", this)); MOZ_ASSERT(!mAfterOnStartRequestBegun); MOZ_ASSERT(mCookie.IsEmpty()); + + // The loadGroup of the channel in the parent process could be null in the + // XPCShell content process test, see test_cookiejars_wrap.js. In this case, + // we cannot explicitly set the loadGroup for the parent channel because it's + // created from the content process. To workaround this, we add a testing pref + // to skip this check. + if (!Preferences::GetBool( + "network.cookie.skip_browsing_context_check_in_parent_for_testing") && + mChannel->IsBrowsingContextDiscarded()) { + return; + } mCookie = std::move(aCookie); } ===================================== netwerk/test/unit/test_cookiejars.js ===================================== @@ -60,6 +60,23 @@ function setupChannel(path) { }); chan.loadInfo.originAttributes = tests[i].originAttributes; chan.QueryInterface(Ci.nsIHttpChannel); + + let loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance( + Ci.nsILoadGroup + ); + + if (chan.loadInfo.originAttributes.privateBrowsingId == 0) { + loadGroup.notificationCallbacks = Cu.createLoadContext(); + chan.loadGroup = loadGroup; + + chan.notificationCallbacks = Cu.createLoadContext(); + } else { + loadGroup.notificationCallbacks = Cu.createPrivateLoadContext(); + chan.loadGroup = loadGroup; + + chan.notificationCallbacks = Cu.createPrivateLoadContext(); + } + return chan; } ===================================== netwerk/test/unit_ipc/test_cookiejars_wrap.js ===================================== @@ -4,6 +4,10 @@ function run_test() { "network.cookieJarSettings.unblocked_for_testing", true ); + Services.prefs.setBoolPref( + "network.cookie.skip_browsing_context_check_in_parent_for_testing", + true + ); Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); run_test_in_child("../unit/test_cookiejars.js"); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/21e430… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/21e430… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40937: First window after update should go to the user-friendly release page on GitHub
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 97460d54 by Richard Pospesel at 2023-08-28T09:57:17+02:00 Bug 40937: First window after update should go to the user-friendly release page on GitHub - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -44,7 +44,7 @@ versions: detailsURL: https://blog.torproject.org/new-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %] [% END -%] [% IF c("var/mullvad-browser") -%] - detailsURL: https://github.com/mullvad/mullvad-browser/releases/[% pc('firefox', 'git_hash') %] + detailsURL: https://github.com/mullvad/mullvad-browser/releases/[% c("var/torbrowser_version") %] [% END -%] incremental_from: [% SET incr_from = c("var/nightly") ? c("var_p/nightly_torbrowser_incremental_from") : c("var/torbrowser_incremental_from"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40937: First window after update should go to the user-friendly release page on GitHub
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 0923f92d by Richard Pospesel at 2023-08-28T09:55:22+02:00 Bug 40937: First window after update should go to the user-friendly release page on GitHub - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -39,7 +39,7 @@ versions: detailsURL: https://blog.torproject.org/new-release-tor-browser-[% c("var/torbrowser_version") FILTER remove('\.') %] [% END -%] [% IF c("var/mullvad-browser") -%] - detailsURL: https://github.com/mullvad/mullvad-browser/releases/[% pc('firefox', 'git_hash') %] + detailsURL: https://github.com/mullvad/mullvad-browser/releases/[% c("var/torbrowser_version") %] [% END -%] incremental_from: [% SET incr_from = c("var/nightly") ? c("var_p/nightly_torbrowser_incremental_from") : c("var/torbrowser_incremental_from"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-102.15.0esr-12.5-1-build2
by ma1 (＠ma1) 28 Aug '23

28 Aug '23

ma1 pushed new tag tor-browser-102.15.0esr-12.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40876: deploy_update_responses-*.sh requires +r permissions to run
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: dc2d08b0 by Richard Pospesel at 2023-08-28T09:50:54+02:00 Bug 40876: deploy_update_responses-*.sh requires +r permissions to run - - - - - 1 changed file: - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -54,7 +54,7 @@ git checkout "$update_responses_commit" static-update-component aus1.torproject.org EOF -chmod +x $deploy_script +chmod +rx $deploy_script scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh echo 'To enable updates you can now run:' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40876: deploy_update_responses-*.sh requires +r permissions to run
by boklm (＠boklm) 28 Aug '23

28 Aug '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7f71f482 by Richard Pospesel at 2023-08-26T01:31:10+00:00 Bug 40876: deploy_update_responses-*.sh requires +r permissions to run - - - - - 1 changed file: - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -54,7 +54,7 @@ git checkout "$update_responses_commit" static-update-component aus1.torproject.org EOF -chmod +x $deploy_script +chmod +rx $deploy_script scp -p $deploy_script $ssh_host_staticiforme:deploy_update_responses-$tbb_version_type.sh echo 'To enable updates you can now run:' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.15.0esr-12.5-1] 4 commits: Bug 1751583. r=media-playback-reviewers, alwu a=RyanVM
by ma1 (＠ma1) 28 Aug '23

28 Aug '23

ma1 pushed to branch tor-browser-102.15.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 0db28aff by Andrew Osmond at 2023-08-27T12:55:13+02:00 Bug 1751583. r=media-playback-reviewers,alwu a=RyanVM - - - - - 8cab913f by Tim Huang at 2023-08-27T15:46:35+02:00 Bug 1842030 - Part 1: Adding CanonicalBrowsingContext::IsPrivateBrowsingActive(). r=nika The CanonicalBrowsingContext::IsPrivateBrowsingActive() function allows us to know if private browsing is active. We need it to prevent setting cookies if there is no active private browsing session. Differential Revision: https://phabricator.services.mozilla.com/D184010 - - - - - 0293325a by Tim Huang at 2023-08-27T15:46:35+02:00 Bug 1842030 - Part 2: Check the global private browsing state for HttpBaseChannel::IsBrowsingContextDiscarded() if the loadGroup is not avaiable. r=necko-reviewers,jesup The HttpBaseChannel::IsBrowsingContextDiscarded() did always return false if the loadGroup is not avaiable. But, this may not be correct for the private channels if the private session has been ended. To fix this, we make the function to check the global private browsing state if the loadGroup is not available for private channels. Depends on D184010 Differential Revision: https://phabricator.services.mozilla.com/D184479 - - - - - ee0e3ac2 by hsingh at 2023-08-27T17:55:05+02:00 Bug 1843046: Do not allow notifications in private window. r=saschanaz, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D184064 - - - - - 11 changed files: - docshell/base/CanonicalBrowsingContext.cpp - docshell/base/CanonicalBrowsingContext.h - dom/media/gmp/GMPParent.cpp - dom/media/gmp/GMPParent.h - dom/media/gmp/GMPServiceParent.cpp - dom/notification/Notification.cpp - netwerk/protocol/http/HttpBaseChannel.cpp - netwerk/protocol/http/HttpBaseChannel.h - netwerk/protocol/http/HttpChannelParent.cpp - netwerk/test/unit/test_cookiejars.js - netwerk/test/unit_ipc/test_cookiejars_wrap.js Changes: ===================================== docshell/base/CanonicalBrowsingContext.cpp ===================================== @@ -1351,6 +1351,11 @@ uint32_t CanonicalBrowsingContext::CountSiteOrigins( return uniqueSiteOrigins.Count(); } +/* static */ +bool CanonicalBrowsingContext::IsPrivateBrowsingActive() { + return gNumberOfPrivateContexts > 0; +} + void CanonicalBrowsingContext::UpdateMediaControlAction( const MediaControlAction& aAction) { if (IsDiscarded()) { ===================================== docshell/base/CanonicalBrowsingContext.h ===================================== @@ -201,6 +201,9 @@ class CanonicalBrowsingContext final : public BrowsingContext { GlobalObject& aGlobal, const Sequence<mozilla::OwningNonNull<BrowsingContext>>& aRoots); + // Return true if a private browsing session is active. + static bool IsPrivateBrowsingActive(); + // This function would propogate the action to its all child browsing contexts // in content processes. void UpdateMediaControlAction(const MediaControlAction& aAction); ===================================== dom/media/gmp/GMPParent.cpp ===================================== @@ -64,7 +64,7 @@ namespace mozilla::gmp { #define __CLASS__ "GMPParent" GMPParent::GMPParent() - : mState(GMPStateNotLoaded), + : mState(GMPState::NotLoaded), mPluginId(GeckoChildProcessHost::GetUniqueID()), mProcess(nullptr), mDeleteProcessOnlyOnUnload(false), @@ -270,7 +270,7 @@ RefPtr<GenericPromise> GMPParent::Init(GeckoMediaPluginServiceParent* aService, } void GMPParent::Crash() { - if (mState != GMPStateNotLoaded) { + if (mState != GMPState::NotLoaded) { Unused << SendCrashPluginNow(); } } @@ -310,7 +310,7 @@ class NotifyGMPProcessLoadedTask : public Runnable { nsresult GMPParent::LoadProcess() { MOZ_ASSERT(mDirectory, "Plugin directory cannot be NULL!"); MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); - MOZ_ASSERT(mState == GMPStateNotLoaded); + MOZ_ASSERT(mState == GMPState::NotLoaded); nsAutoString path; if (NS_WARN_IF(NS_FAILED(mDirectory->GetPath(path)))) { @@ -388,7 +388,7 @@ nsresult GMPParent::LoadProcess() { GMP_PARENT_LOG_DEBUG("%s: Sent StartPlugin to child process", __FUNCTION__); } - mState = GMPStateLoaded; + mState = GMPState::Loaded; // Hold a self ref while the child process is alive. This ensures that // during shutdown the GMPParent stays alive long enough to @@ -418,8 +418,8 @@ void GMPParent::CloseIfUnused() { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__); - if ((mDeleteProcessOnlyOnUnload || mState == GMPStateLoaded || - mState == GMPStateUnloading) && + if ((mDeleteProcessOnlyOnUnload || mState == GMPState::Loaded || + mState == GMPState::Unloading) && !IsUsed()) { // Ensure all timers are killed. for (uint32_t i = mTimers.Length(); i > 0; i--) { @@ -437,15 +437,16 @@ void GMPParent::CloseIfUnused() { void GMPParent::CloseActive(bool aDieWhenUnloaded) { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); - GMP_PARENT_LOG_DEBUG("%s: state %d", __FUNCTION__, mState); + GMP_PARENT_LOG_DEBUG("%s: state %u", __FUNCTION__, + uint32_t(GMPState(mState))); if (aDieWhenUnloaded) { mDeleteProcessOnlyOnUnload = true; // don't allow this to go back... } - if (mState == GMPStateLoaded) { - mState = GMPStateUnloading; + if (mState == GMPState::Loaded) { + mState = GMPState::Unloading; } - if (mState != GMPStateNotLoaded && IsUsed()) { + if (mState != GMPState::NotLoaded && IsUsed()) { Unused << SendCloseActive(); CloseIfUnused(); } @@ -467,7 +468,7 @@ void GMPParent::Shutdown() { } MOZ_ASSERT(!IsUsed()); - if (mState == GMPStateNotLoaded || mState == GMPStateClosing) { + if (mState == GMPState::NotLoaded || mState == GMPState::Closing) { return; } @@ -480,7 +481,7 @@ void GMPParent::Shutdown() { // Destroy ourselves and rise from the fire to save memory mService->ReAddOnGMPThread(self); } // else we've been asked to die and stay dead - MOZ_ASSERT(mState == GMPStateNotLoaded); + MOZ_ASSERT(mState == GMPState::NotLoaded); } class NotifyGMPShutdownTask : public Runnable { @@ -524,10 +525,10 @@ void GMPParent::DeleteProcess() { MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread()); GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__); - if (mState != GMPStateClosing) { + if (mState != GMPState::Closing) { // Don't Close() twice! // Probably remove when bug 1043671 is resolved - mState = GMPStateClosing; + mState = GMPState::Closing; Close(); } mProcess->Delete(NewRunnableMethod("gmp::GMPParent::ChildTerminated", this, @@ -536,7 +537,7 @@ void GMPParent::DeleteProcess() { mProcess = nullptr; #if defined(MOZ_WIDGET_ANDROID) - if (mState != GMPStateNotLoaded) { + if (mState != GMPState::NotLoaded) { nsCOMPtr<nsIEventTarget> launcherThread(GetIPCLauncher()); MOZ_ASSERT(launcherThread); @@ -553,7 +554,7 @@ void GMPParent::DeleteProcess() { } #endif // defined(MOZ_WIDGET_ANDROID) - mState = GMPStateNotLoaded; + mState = GMPState::NotLoaded; nsCOMPtr<nsIRunnable> r = new NotifyGMPShutdownTask(NS_ConvertUTF8toUTF16(mNodeId)); @@ -623,16 +624,18 @@ bool GMPCapability::Supports(const nsTArray<GMPCapability>& aCapabilities, } bool GMPParent::EnsureProcessLoaded() { - if (mState == GMPStateLoaded) { - return true; - } - if (mState == GMPStateClosing || mState == GMPStateUnloading) { - return false; + switch (mState) { + case GMPState::NotLoaded: + return NS_SUCCEEDED(LoadProcess()); + case GMPState::Loaded: + return true; + case GMPState::Unloading: + case GMPState::Closing: + return false; } - nsresult rv = LoadProcess(); - - return NS_SUCCEEDED(rv); + MOZ_ASSERT_UNREACHABLE("Unhandled GMPState!"); + return false; } void GMPParent::AddCrashAnnotations() { @@ -695,7 +698,7 @@ void GMPParent::ActorDestroy(ActorDestroyReason aWhy) { } // warn us off trying to close again - mState = GMPStateClosing; + mState = GMPState::Closing; mAbnormalShutdownInProgress = true; CloseActive(false); @@ -704,7 +707,7 @@ void GMPParent::ActorDestroy(ActorDestroyReason aWhy) { RefPtr<GMPParent> self(this); // Must not call Close() again in DeleteProcess(), as we'll recurse // infinitely if we do. - MOZ_ASSERT(mState == GMPStateClosing); + MOZ_ASSERT(mState == GMPState::Closing); DeleteProcess(); // Note: final destruction will be Dispatched to ourself mService->ReAddOnGMPThread(self); ===================================== dom/media/gmp/GMPParent.h ===================================== @@ -20,6 +20,7 @@ #include "nsString.h" #include "nsTArray.h" #include "nsIFile.h" +#include "mozilla/Atomics.h" #include "mozilla/MozPromise.h" namespace mozilla::gmp { @@ -42,12 +43,7 @@ class GMPCapability { const nsCString& aAPI, const nsCString& aTag); }; -enum GMPState { - GMPStateNotLoaded, - GMPStateLoaded, - GMPStateUnloading, - GMPStateClosing -}; +enum class GMPState : uint32_t { NotLoaded, Loaded, Unloading, Closing }; class GMPContentParent; @@ -194,7 +190,7 @@ class GMPParent final uint32_t& aArchSet); #endif - GMPState mState; + Atomic<GMPState> mState; nsCOMPtr<nsIFile> mDirectory; // plugin directory on disk nsString mName; // base name of plugin on disk, UTF-16 because used for paths nsCString mDisplayName; // name of plugin displayed to users ===================================== dom/media/gmp/GMPServiceParent.cpp ===================================== @@ -643,7 +643,7 @@ void GeckoMediaPluginServiceParent::SendFlushFOGData( MutexAutoLock lock(mMutex); for (const RefPtr<GMPParent>& gmp : mPlugins) { - if (gmp->State() != GMPState::GMPStateLoaded) { + if (gmp->State() != GMPState::Loaded) { // Plugins that are not in the Loaded state have no process attached to // them, and any IPC we would attempt to send them would be ignored (or // result in a warning on debug builds). @@ -681,7 +681,7 @@ GeckoMediaPluginServiceParent::TestTriggerMetrics() { { MutexAutoLock lock(mMutex); for (const RefPtr<GMPParent>& gmp : mPlugins) { - if (gmp->State() != GMPState::GMPStateLoaded) { + if (gmp->State() != GMPState::Loaded) { // Plugins that are not in the Loaded state have no process attached to // them, and any IPC we would attempt to send them would be ignored (or // result in a warning on debug builds). @@ -1003,7 +1003,7 @@ void GeckoMediaPluginServiceParent::RemoveOnGMPThread( } RefPtr<GMPParent> gmp = mPlugins[i]; - if (aDeleteFromDisk && gmp->State() != GMPStateNotLoaded) { + if (aDeleteFromDisk && gmp->State() != GMPState::NotLoaded) { // We have to wait for the child process to release its lib handle // before we can delete the GMP. inUse = true; @@ -1014,7 +1014,7 @@ void GeckoMediaPluginServiceParent::RemoveOnGMPThread( } } - if (gmp->State() == GMPStateNotLoaded || !aCanDefer) { + if (gmp->State() == GMPState::NotLoaded || !aCanDefer) { // GMP not in use or shutdown is being forced; can shut it down now. deadPlugins.AppendElement(gmp); mPlugins.RemoveElementAt(i); ===================================== dom/notification/Notification.cpp ===================================== @@ -478,6 +478,9 @@ NotificationPermissionRequest::Run() { bool blocked = false; if (isSystem) { mPermission = NotificationPermission::Granted; + } else if (mPrincipal->GetPrivateBrowsingId() != 0) { + mPermission = NotificationPermission::Denied; + blocked = true; } else { // File are automatically granted permission. @@ -1483,7 +1486,12 @@ already_AddRefed<Promise> Notification::RequestPermission( aRv.Throw(NS_ERROR_UNEXPECTED); return nullptr; } + nsCOMPtr<nsIPrincipal> principal = sop->GetPrincipal(); + if (!principal) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } RefPtr<Promise> promise = Promise::Create(window->AsGlobal(), aRv); if (aRv.Failed()) { @@ -1537,6 +1545,15 @@ NotificationPermission Notification::GetPermissionInternal(nsISupports* aGlobal, } nsCOMPtr<nsIPrincipal> principal = sop->GetPrincipal(); + if (!principal) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return NotificationPermission::Denied; + } + + if (principal->GetPrivateBrowsingId() != 0) { + return NotificationPermission::Denied; + } + return GetPermissionInternal(principal, aRv); } ===================================== netwerk/protocol/http/HttpBaseChannel.cpp ===================================== @@ -2390,7 +2390,23 @@ void HttpBaseChannel::NotifySetCookie(const nsACString& aCookie) { } bool HttpBaseChannel::IsBrowsingContextDiscarded() const { - return mLoadGroup && mLoadGroup->GetIsBrowsingContextDiscarded(); + // If there is no loadGroup attached to the current channel, we check the + // global private browsing state for the private channel instead. For + // non-private channel, we will always return false here. + // + // Note that we can only access the global private browsing state in the + // parent process. So, we will fallback to just return false in the content + // process. + if (!mLoadGroup) { + if (!XRE_IsParentProcess()) { + return false; + } + + return mLoadInfo->GetOriginAttributes().mPrivateBrowsingId != 0 && + !dom::CanonicalBrowsingContext::IsPrivateBrowsingActive(); + } + + return mLoadGroup->GetIsBrowsingContextDiscarded(); } // https://mikewest.github.io/corpp/#process-navigation-response ===================================== netwerk/protocol/http/HttpBaseChannel.h ===================================== @@ -619,6 +619,7 @@ class HttpBaseChannel : public nsHashPropertyBag, friend class PrivateBrowsingChannel<HttpBaseChannel>; friend class InterceptFailedOnStop; + friend class HttpChannelParent; protected: // this section is for main-thread-only object ===================================== netwerk/protocol/http/HttpChannelParent.cpp ===================================== @@ -18,6 +18,7 @@ #include "mozilla/net/NeckoParent.h" #include "mozilla/InputStreamLengthHelper.h" #include "mozilla/IntegerPrintfMacros.h" +#include "mozilla/Preferences.h" #include "mozilla/ProfilerLabels.h" #include "mozilla/StoragePrincipalHelper.h" #include "mozilla/UniquePtr.h" @@ -2005,6 +2006,17 @@ void HttpChannelParent::SetCookie(nsCString&& aCookie) { LOG(("HttpChannelParent::SetCookie [this=%p]", this)); MOZ_ASSERT(!mAfterOnStartRequestBegun); MOZ_ASSERT(mCookie.IsEmpty()); + + // The loadGroup of the channel in the parent process could be null in the + // XPCShell content process test, see test_cookiejars_wrap.js. In this case, + // we cannot explicitly set the loadGroup for the parent channel because it's + // created from the content process. To workaround this, we add a testing pref + // to skip this check. + if (!Preferences::GetBool( + "network.cookie.skip_browsing_context_check_in_parent_for_testing") && + mChannel->IsBrowsingContextDiscarded()) { + return; + } mCookie = std::move(aCookie); } ===================================== netwerk/test/unit/test_cookiejars.js ===================================== @@ -60,6 +60,23 @@ function setupChannel(path) { }); chan.loadInfo.originAttributes = tests[i].originAttributes; chan.QueryInterface(Ci.nsIHttpChannel); + + let loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance( + Ci.nsILoadGroup + ); + + if (chan.loadInfo.originAttributes.privateBrowsingId == 0) { + loadGroup.notificationCallbacks = Cu.createLoadContext(); + chan.loadGroup = loadGroup; + + chan.notificationCallbacks = Cu.createLoadContext(); + } else { + loadGroup.notificationCallbacks = Cu.createPrivateLoadContext(); + chan.loadGroup = loadGroup; + + chan.notificationCallbacks = Cu.createPrivateLoadContext(); + } + return chan; } ===================================== netwerk/test/unit_ipc/test_cookiejars_wrap.js ===================================== @@ -4,6 +4,10 @@ function run_test() { "network.cookieJarSettings.unblocked_for_testing", true ); + Services.prefs.setBoolPref( + "network.cookie.skip_browsing_context_check_in_parent_for_testing", + true + ); Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); run_test_in_child("../unit/test_cookiejars.js"); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8bd814… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8bd814… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
by richard (＠richard) 25 Aug '23

25 Aug '23

richard pushed to branch base-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 503b6ae4 by Pier Angelo Vendrame at 2023-08-25T19:20:41+00:00 fixup! Firefox preference overrides. Bug 42043: Enable media.devices.enumerate.legacy.enabled. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -282,6 +282,11 @@ pref("dom.enable_resource_timing", false); // Bug 13024: To hell with this API pref("privacy.resistFingerprinting.block_mozAddonManager", true); // Bug 26114 pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API +// tor-browser#42043: Stop reporting device IDs (and spoof their number without +// RFP, RFP already reports 1 audioinput and 1 videoinput, but still has +// randomized IDs when this pref is true). +// Defense-in-depth (already the default value) from Firefox 119 or 120. +pref("media.devices.enumerate.legacy.enabled", false); pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/503b6ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/503b6ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0